lead-research-assistant
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
Categories: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill's core functionality relies on researching external companies via web searches, job postings, and news. This creates a significant attack surface where malicious instructions embedded on a target's website or in a job description could influence the agent's behavior or output.
  - Ingestion points: Web search results, company websites, job boards, and news articles (SKILL.md, Instruction 3).
  - Boundary markers: Absent. There are no instructions to the agent to disregard natural-language commands found within the external data.
  - Capability inventory: Web search and codebase analysis.
  - Sanitization: Absent. The skill does not define any validation or filtering for the external content it processes.
- Data Exposure (LOW): The skill encourages the user to run it from their product's source code directory to 'analyze the codebase' (SKILL.md, Instruction 1). This instruction presents a risk of sensitive information (e.g., hardcoded secrets, configuration files, or internal documentation) being ingested into the LLM context. While no explicit exfiltration command is present, this data becomes part of the prompt context and could be inadvertently included in the generated output or leaked via indirect injection.